On Fri, 2004-10-08 at 13:29 -0400, Stephen Smalley wrote: > On Fri, 2004-10-08 at 13:23, Justin Conover wrote: > > Is there any downside to running xfs with selinux? > > > > I'm just testing(playing) with test2 and I was thinking of using > > lvm/xfs/selinux. Choosing xfs because it is a good fs and easier to > > grow online than ext3. Plus I'm just testing :) > > We haven't tried xfs with SELinux ourselves, but it _should_ work. > Please report any problems. It has xattr handlers for the security > namespace. There was an earlier problem with xfs preventing SELinux > from internally accessing the xattrs, but I believe that has been fixed. The one catch is to use a larger inode size; 512 should be sufficient. XFS stores the xattr in the inode if there's enough space in it. Otherwise it has to allocate a whole block to store the xattr, which incurs a performance penalty and a waste of space. The default size (256) isn't big enough for the context. So when you mkfs, add -i size=512 to the command line options. -- Chris PeBenito Tresys Technology, LLC (410) 290-1411 x150
